Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/Zc_qN5yV7C6_iTqYnxgWkO668II.roa
File:                     Zc_qN5yV7C6_iTqYnxgWkO668II.roa (raw, json)
Hash identifier:          ncyOJecAb5Awx5nOSLBNEEc0M4qEwU/5XUkA9Xs683c=
Subject key identifier:   65:CF:EA:37:9C:95:EC:2E:BF:89:3A:98:9F:18:16:90:EE:BA:F0:82
Certificate issuer:       /CN=b03c302c2f52277e3d0ab6842f68aa5f8d0d7787
Certificate serial:       018CC871372856FBF2011C0E8D4126554031
Authority key identifier: B0:3C:30:2C:2F:52:27:7E:3D:0A:B6:84:2F:68:AA:5F:8D:0D:77:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sDwwLC9SJ349CraEL2iqX40Nd4c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/Zc_qN5yV7C6_iTqYnxgWkO668II.roa
Signing time:             Tue 02 Jan 2024 04:31:51 +0000
ROA not before:           Tue 02 Jan 2024 04:31:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25454
IP address blocks:        217.12.112.0/20 maxlen: 24
                          185.8.68.0/22 maxlen: 22
                          94.243.64.0/18 maxlen: 24
                          212.56.192.0/19 maxlen: 24
                          185.167.132.0/22 maxlen: 24
                          188.131.0.0/17 maxlen: 24
                          77.89.192.0/18 maxlen: 24
                          46.166.0.0/18 maxlen: 24
                          193.239.182.0/23 maxlen: 24
                          195.22.224.0/19 maxlen: 24
                          2a00:1858::/32 maxlen: 48

Validation:               Failed, certificate revoked on Fri 05 Jan 2024 15:29:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:37:28:56:fb:f2:01:1c:0e:8d:41:26:55:40:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b03c302c2f52277e3d0ab6842f68aa5f8d0d7787
        Validity
            Not Before: Jan  2 04:31:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65cfea379c95ec2ebf893a989f181690eebaf082
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:59:72:16:08:eb:e1:46:1a:e4:82:bc:b4:22:
                    e7:53:48:76:28:f1:3f:ab:6c:58:cd:97:3d:0f:ea:
                    49:8e:71:21:65:a0:65:fa:c7:bd:67:76:7d:25:8d:
                    60:0e:eb:e2:c1:06:a0:ec:01:58:83:b9:a6:a6:57:
                    ff:63:cd:cf:7f:bf:84:f6:39:0f:f5:56:1d:b7:e1:
                    29:db:a4:d2:36:e1:4a:2d:a0:b0:32:71:0e:83:36:
                    48:25:65:7c:db:b4:bd:09:a2:fa:4a:82:7d:cf:8a:
                    f6:0c:95:02:c7:64:19:1a:ed:82:f8:aa:ce:54:28:
                    f1:b8:2f:46:1c:8d:ad:fc:2b:02:12:f6:7c:9c:1b:
                    3f:48:36:6f:55:b8:cb:4c:1d:6f:e0:ba:a8:84:72:
                    d2:61:4b:0a:d6:1f:c1:d5:7b:01:99:9a:b1:29:0e:
                    7c:89:b4:eb:57:97:67:be:96:dd:db:f9:e9:aa:6a:
                    4e:3b:d3:15:59:f6:2d:78:26:83:14:ac:08:5c:90:
                    6d:ab:61:98:1b:34:30:2f:59:2b:49:b0:00:9c:a7:
                    eb:30:74:ab:05:49:14:fb:df:ab:a1:5b:ad:b0:22:
                    55:d0:6c:06:f6:a0:12:1b:e9:8c:83:7d:63:db:b8:
                    e9:c9:33:bd:30:3c:75:55:53:01:7d:29:d8:60:43:
                    e8:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:CF:EA:37:9C:95:EC:2E:BF:89:3A:98:9F:18:16:90:EE:BA:F0:82
            X509v3 Authority Key Identifier:
                keyid:B0:3C:30:2C:2F:52:27:7E:3D:0A:B6:84:2F:68:AA:5F:8D:0D:77:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sDwwLC9SJ349CraEL2iqX40Nd4c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/Zc_qN5yV7C6_iTqYnxgWkO668II.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/sDwwLC9SJ349CraEL2iqX40Nd4c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.166.0.0/18
                  77.89.192.0/18
                  94.243.64.0/18
                  185.8.68.0/22
                  185.167.132.0/22
                  188.131.0.0/17
                  193.239.182.0/23
                  195.22.224.0/19
                  212.56.192.0/19
                  217.12.112.0/20
                IPv6:
                  2a00:1858::/32

    Signature Algorithm: sha256WithRSAEncryption
         98:fa:97:d4:04:dd:d2:47:d1:24:eb:d4:21:83:b4:ac:8f:68:
         4f:50:c1:72:ee:06:03:12:aa:8d:87:bb:9f:60:10:81:a5:fc:
         2e:35:00:5c:75:38:84:94:42:ca:9b:19:16:06:75:67:e6:f1:
         05:ea:19:a4:e8:f2:1e:11:47:ba:6d:ed:de:e7:f4:44:b1:07:
         d0:65:00:12:5e:ee:19:60:aa:d8:a5:62:ea:87:e8:79:c1:62:
         0c:d2:7f:9f:00:74:22:35:a5:6a:67:6a:f2:62:e7:cd:87:b4:
         1d:4f:43:a3:d1:2e:11:fa:02:1e:27:97:1f:d3:14:4c:5a:50:
         f0:60:5c:0e:c5:86:57:80:f3:87:f8:00:31:97:54:fc:c1:9a:
         22:bf:86:07:5e:32:13:4a:83:7f:d9:f8:db:e4:19:7b:11:83:
         40:8d:25:52:3b:e1:a7:c6:85:a3:72:f6:87:c1:a0:bf:dc:fc:
         41:96:35:5c:72:05:36:25:83:ad:d5:5e:13:29:49:7b:5b:c5:
         e0:5a:2e:4a:2e:3c:0e:0a:f8:59:d6:39:ec:a9:be:58:35:37:
         bf:e2:05:7d:23:4a:5c:c6:b8:dc:fb:40:31:b0:49:a5:9c:de:
         5b:87:7c:d7:d6:84:75:0f:7b:07:3a:4a:04:a3:e8:a7:4a:1a:
         8c:2a:7e:ea
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYzIcTcoVvvyARwOjUEmVUAxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwM2MzMDJjMmY1MjI3N2UzZDBhYjY4NDJmNjhhYTVmOGQw
ZDc3ODcwHhcNMjQwMTAyMDQzMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWNmZWEzNzljOTVlYzJlYmY4OTNhOTg5ZjE4MTY5MGVlYmFmMDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFlyFgjr4UYa5IK8tCLnU0h2KPE/
q2xYzZc9D+pJjnEhZaBl+se9Z3Z9JY1gDuviwQag7AFYg7mmplf/Y83Pf7+E9jkP
9VYdt+Ep26TSNuFKLaCwMnEOgzZIJWV827S9CaL6SoJ9z4r2DJUCx2QZGu2C+KrO
VCjxuC9GHI2t/CsCEvZ8nBs/SDZvVbjLTB1v4LqohHLSYUsK1h/B1XsBmZqxKQ58
ibTrV5dnvpbd2/npqmpOO9MVWfYteCaDFKwIXJBtq2GYGzQwL1krSbAAnKfrMHSr
BUkU+9+roVutsCJV0GwG9qASG+mMg31j27jpyTO9MDx1VVMBfSnYYEPocQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFGXP6jeclewuv4k6mJ8YFpDuuvCCMB8GA1UdIwQY
MBaAFLA8MCwvUid+PQq2hC9oql+NDXeHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0R3d0xDOVNKMzQ5Q3JhRUwyaXFYNDBOZDRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9hMmVjOWMtOWQ3Ni00ZTk0LTllM2Et
NmY3MDI0YzNhYWQ3LzEvWmNfcU41eVY3QzZfaVRxWW54Z1drTzY2OElJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9hMmVjOWMtOWQ3Ni00ZTk0LTllM2EtNmY3MDI0YzNhYWQ3
LzEvc0R3d0xDOVNKMzQ5Q3JhRUwyaXFYNDBOZDRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQGLqYAAwQG
TVnAAwQGXvNAAwQCuQhEAwQCuaeEAwQHvIMAAwQBwe+2AwQFwxbgAwQF1DjAAwQE
2QxwMA0EAgACMAcDBQAqABhYMA0GCSqGSIb3DQEBCwUAA4IBAQCY+pfUBN3SR9Ek
69Qhg7Ssj2hPUMFy7gYDEqqNh7ufYBCBpfwuNQBcdTiElELKmxkWBnVn5vEF6hmk
6PIeEUe6be3e5/REsQfQZQASXu4ZYKrYpWLqh+h5wWIM0n+fAHQiNaVqZ2ryYufN
h7QdT0Oj0S4R+gIeJ5cf0xRMWlDwYFwOxYZXgPOH+AAxl1T8wZoiv4YHXjITSoN/
2fjb5Bl7EYNAjSVSO+GnxoWjcvaHwaC/3PxBljVccgU2JYOt1V4TKUl7W8XgWi5K
LjwOCvhZ1jnsqb5YNTe/4gV9I0pcxrjc+0AxsEmlnN5bh3zX1oR1D3sHOkoEo+in
ShqMKn7q
-----END CERTIFICATE-----